A nefarious text message could be on its way to a smartphone near you. This is a message, often purporting to be from your bank asking you for personal or financial information such as your account or ATM number. Providing the information is as good as handing thieves the keys to your bank balance.
Smishing is a portmanteau of "SMS" (short message services, better known as texting) and "phishing." When cybercriminals "phish," they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email.
Texting is the most common use of smartphones. Experian found that adult mobile users aged 18 to 24 send more than 2,022 texts per month—on average, that's 67 per day—and receive 1,831.
A couple of other factors make this a particularly insidious security threat. Most people know something of the risks of email fraud. You've probably learned to be suspicious of emails that say "Hi—check out this cool link," and don't contain an actual personal message from the supposed sender.
When people are on their phones, they are less wary. Many assume that their smartphones are more secure than computers. But smartphone security has limitations, and cannot directly protect against smishing. As noted by WillisWire, cybercrime aimed at mobile devices is rocketing, just as mobile device usage is. However, while Android devices remain the prime target for malware—simply because so many of them are out there; and the platform offers greater flexibility for customers (and cybercriminals!)—smishing, like SMS itself works cross-platform. This puts iPhone and iPad users at particular risk because they often feel they are immune to attack. Although Apple's iOS mobile technology has a good reputation for security, no mobile operating system can by itself protect you from phishing-style attacks. Another risk factor is that you use your smartphone on the go, often when you're distracted or in a hurry. This means you're more likely to get caught with your guard down and respond without thinking when you receive a message asking for bank information or to redeem a coupon.
In a nutshell, like most cybercriminals, they are out to steal your personal data, which they can then use to steal money—usually yours, but sometimes also your company's. Cybercriminals use two methods to steal this data. They might trick you into downloading malware that installs itself on your phone. This malware might masquerade as a legitimate app, tricking you into typing in confidential information and sending this data to the cybercriminals. On the other hand, the link in the smishing message might take you to a fake site where you're asked to type sensitive personal information that the cybercriminals can use to steal your online ID.
As more and more people use their personal smartphones for work (a trend called BYOD, or "bring your own device") smishing is becoming a business threat as well as a consumer threat. So it should come as no surprise that, according to Cloudmark, smishing has become the leading form of malicious text message.
The good news is that the potential ramifications of these attacks are easy to protect against. In fact, you can keep yourself safe by doing nothing at all. The attack can only do damage if you take the bait. There are a few things to keep in mind that will help you protect yourself against these attacks.
Remember that, like email phishing, smishing is a crime of trickery—it depends on fooling the victim into cooperating by clicking a link or providing information. Indeed, the simplest protection against these attacks is to do nothing at all. So long as you don't respond, a malicious text cannot do anything. Ignore it and it will go away.
Other helpful reads and links related to Smishing
A nefarious text message could be on its way to a smartphone near you. This is a message, often purporting to be from your bank asking you for personal or financial information such as your account or ATM number. Providing the information is as good as handing thieves the keys to your bank balance.